Susan Fredman Design Group employed Jill Maremont as its Director of Marketing, Public Relations, and E-Commerce. In that capacity, she used her own personal Twitter account and Facebook page to promote SFDG’s business. To keep track of the various social media campaigns she was conducting for SFDG, Maremont created an electronic spreadsheet, on SFDG’s computer and saved on SFDG’s server, in which she stored the passwords for her accounts. It appears that Maremont provided access to, or copies of, the spreadsheet to other SFDG employees to assist in her social media posts on behalf of the company.

Maremont suffered injuries in a serious car accident that kept her out of work. During that time, she claimed that SFDG employees, without her permission, accessed her Facebook and Twitter accounts and posted on her behalf.

In the ensuing lawsuit — Maremont v. Susan Fredman Design Group (N.D. Ill. 3/4/14) — Maremont alleged violations of the Lanham Act (that SFDG unlawfully passed itself off as Maremont), and the StoredCommunicationsAct (that SFDG unlawfully accessed her electronic accounts without her permission). The district court dismissed the Lanham Act claim, but permitted the Stored Communications Act claim to proceed to trial.

Legal intricacies aside, the case is both instructive and troubling.

This case is instructive because it shows the danger when a company fails to brings its social media accounts in-house. Maremont used her personal Facebook and Twitter accounts for her employer. When she was out of the office for an extended period of time, instead of letting its social media presence falter, SFDG used Maremont’s account information to continue posting. How could SFDG have avoided these potential legal traps and an expensive lawsuit? Either by requiring that Maremont use its own social media accounts for official company business, or by having a written agreement with her that it had the right to access her mixed-use personal accounts. The former is cleaner and less risky, but the latter would have still likely kept it out of court, even if mixed-use accounts are harder to untangle at the end of employment.

This case is troubling because it sets the precedent that an employer to which an employee provides passwords to the employee’s social media accounts cannot access those accounts for business purposes. By all appearances, Maremont provided her account information and passwords to her coworkers. SFDG could not have foreseen that it would violate federal law by using them to continue Maremont’s work while she was incapacitated. Yet, that is exactly what happened.

What’s the main takeaway here? If you are going to permit your employees to use their personal social media accounts for business purposes, get it in writing that you have rights to the accounts. Define who else can access the accounts, and what happens with them if the employee is incapacitated or no longer employed. Otherwise, you are potentially exposing yourself to an expensive and uncertain lawsuit to define these rights in court after the fact.